Cisco Nac Agent pops up continously after succesful login
I have a clean access server configured as OOB real IP gateway.
The clients are placed in authentication VLANs on the edge of the LAN that are a couple of L3 hops from the CAS.
We have policy based routing configured to pass client traffic from the authentication VLANs to the CAS.
Once the client is certified it is popped into the clients access VLAN.
All worked ok except that the NAC agent keeps popping up after successful login, attempting to login again.
I have now deployed an ACL to drop traffic from the client Access VLANs to the CAS so the client doesn't keep poppin up.
As far as I can see there is a SWISS service running with the agent that keeps sending data packets to the CAS and causes ths agent in our case to keep trying to authenticate again and again. The ACL I created prevents these packets and stops the continuing login attampts.
The annoying this is that the client can't update its user IP details in the CAM logs when I apply this ACL.
Is this by design? I would have thought once the client is logged on then the agent wouldn't need to keep trying to log on again.
For all versions of the Email Security Appliance (ESA) and Security Management Appliance (SMA), some Secure Sockets Link (SSL) certificates issued from the QuoVadis root certificate authority (CA) trust chain before 2021-03-31 cannot b...
Automation and programmability for networking and security are increasingly important topics. Every release since ISE 1.2 has included new REST API capabilities to better automate and integrate ISE with the rest of your network, appli...
The latest iteration (v2.3.4) of the Cisco Secure Firewall Migration Tool adds public beta support for S2S VPN migrations from ASA:
Policy-based (crypto map) Pre-Shared key authentication type VPN configuration to Firepower Management Center
Cisco Defense Orchestrator (CDO) is a cloud-based, multi-device manager that manages security products like Adaptive Security Appliance (ASA), Firepower Threat Defense next-generation firewall, and Meraki devices, to name a few.
We make improvement...
This document presents the ISE data limiting best practices that can dramatically improve the system performance on ISE.
Your deployment may be impacted if the alarms tab on ISE shows High load average, high CPU or high memoy usage alarm...